GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,876
Maven: 5,000+
npm: 4,502
NuGet: 780
pip: 4,254
Pub: 12
RubyGems: 975
Rust: 1,100
Swift: 49
Unreviewed advisories
All unreviewed: 5,000+
11,753 advisories
The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an...
High
Unreviewed
CVE-2026-0919
was published
Jan 27, 2026
By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the...
High
Unreviewed
CVE-2026-1315
was published
Jan 27, 2026
The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed...
Moderate
Unreviewed
CVE-2025-65264
was published
Jan 27, 2026
Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to...
Moderate
Unreviewed
CVE-2026-24347
was published
Jan 27, 2026
Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146...
High
Unreviewed
CVE-2026-24348
was published
Jan 27, 2026
Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to...
Moderate
Unreviewed
CVE-2026-24345
was published
Jan 27, 2026
Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with...
Critical
Unreviewed
CVE-2026-24811
was published
Jan 27, 2026
Logback allows an attacker to instantiate classes already present on the class path
Low
CVE-2026-1225
was published
for
ch.qos.logback:logback-core
(Maven)
Jan 22, 2026
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the...
High
Unreviewed
CVE-2025-27378
was published
Jan 22, 2026
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF...
High
Unreviewed
CVE-2025-66959
was published
Jan 21, 2026
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs...
High
Unreviewed
CVE-2025-66960
was published
Jan 21, 2026
Apache Solr: Insufficient file-access checking in standalone core-creation requests
High
CVE-2026-22444
was published
for
org.apache.solr:solr-core
(Maven)
Jan 21, 2026
Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash
Moderate
CVE-2026-23886
was published
for
github.com/swift-otel/swift-otel
(Swift)
Jan 21, 2026
Duplicate Advisory: Wrangler affected by OS Command Injection in `wrangler pages deploy`
High
GHSA-8h3q-9fpp-c883
was published
for
wrangler
(npm)
Jan 21, 2026
withdrawn
An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to...
High
Unreviewed
CVE-2025-66902
was published
Jan 20, 2026
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59...
Critical
Unreviewed
CVE-2026-0903
was published
Jan 20, 2026
Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass
High
CVE-2025-29847
was published
for
org.apache.linkis:linkis
(Maven)
Jan 19, 2026
The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up...
Moderate
Unreviewed
CVE-2025-12718
was published
Jan 17, 2026
In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory...
High
Unreviewed
CVE-2025-48647
was published
Jan 16, 2026
A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of...
Moderate
Unreviewed
CVE-2025-9014
was published
Jan 15, 2026
Devalue is vulnerable to denial of service due to memory exhaustion in devalue.parse
High
CVE-2026-22774
was published
for
devalue
(npm)
Jan 15, 2026
In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to...
High
Unreviewed
CVE-2026-22643
was published
Jan 15, 2026
Keycloak has an improper input validation vulnerability
Low
CVE-2026-0976
was published
for
org.keycloak:keycloak-quarkus-server
(Maven)
Jan 15, 2026
An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera...
High
Unreviewed
CVE-2025-65397
was published
Jan 14, 2026
Data verification vulnerability in the HiView module. Impact: Successful exploitation of this...
Moderate
Unreviewed
CVE-2025-68964
was published
Jan 14, 2026
ProTip! Advisories are also available from the GraphQL API.